Regarding bug 435682

Fri, 21 Oct 2011 05:39:42 -0700 

Here's a patch for version 2.1.3 which solves bug 435682 (
https://bugzilla.redhat.com/show_bug.cgi?id=435682).
Patched auditctl allows to specify files having spaces in ther names - just
surround a filename with apostrophes.

Hope this will help someone who encountered the same problem. And, maybe,
the bug will be closed at last :)

diff -aurN audit-2.1.3/src/auditctl.c audit-2.1.3_patch//src/auditctl.c
--- audit-2.1.3/src/auditctl.c	2011-08-15 21:31:00.000000000 +0400
+++ audit-2.1.3_patch//src/auditctl.c	2011-10-20 18:10:31.000000000 +0400
@@ -939,6 +939,70 @@
 	return NULL;
 }
 
+
+void preprocess(char *buf)
+{
+    char quote_ctx = 0;
+
+    while (*buf)
+    {
+        if (*buf == '\'')
+            quote_ctx++;
+        
+        if (*buf == ' ' && (quote_ctx & 1))
+            *buf = 0xFF;
+        
+        buf++;
+    }
+}
+
+
+void postprocess(unsigned char *buf)
+{
+    unsigned char *str = strdup(buf);
+    unsigned char *pos1 = str;
+    unsigned char *pos2 = buf;
+    int i = 0;
+    
+    if (!str)
+        return;
+    
+    while (*pos1)
+    {
+        if (*pos1 == '\'')
+            *pos1 = ' ';
+    
+        pos1++;
+    }
+    
+    pos1 = str;
+    pos2 = buf;
+    
+    while (*pos1)
+    {
+        if (*pos1 != ' ')
+        {
+            *pos2 = *pos1;
+            pos2++;
+        }
+
+        pos1++;
+    }
+    
+    *pos2 = 0;
+    
+    while (*buf)
+    {
+        if (*buf == 0xFF)
+            *buf = ' ';
+    
+        buf++;
+    }
+    
+    free(str);
+}
+
+
 /*
  * This function reads the given file line by line and executes the rule.
  * It returns 0 if everything went OK, 1 if there are problems before reading
@@ -1001,6 +1065,8 @@
 		char *options[NUM_OPTIONS];
 		char *ptr;
 		int idx=0;
+		char apst = 0;
+		char *pos = 0;
 
 		/* Weed out blank lines */
 		while (buf[idx] == ' ')
@@ -1009,9 +1075,13 @@
 			lineno++;
 			continue;
 		}
+		
+		preprocess(buf);
+		
 		ptr = strtok(buf, " ");
 		if (ptr == NULL)
 			break;
+		
 		/* allow comments */
 		if (ptr[0] == '#') {
 			lineno++;
@@ -1021,8 +1091,10 @@
 		options[i++] = "auditctl";
 		options[i++] = ptr;
 		while( (ptr=strtok(NULL, " ")) && i<NUM_OPTIONS-1 ) {
+		        postprocess(ptr);
 			options[i++] = ptr;
 		}
+		
 		options[i] = NULL;
 
 		/* Parse it */
@@ -1094,6 +1166,7 @@
 			free(rule_new);
 			return 1;
 		}
+		
 		retval = setopt(argc, 0, argv);
 		if (retval == -3) {
 			free(rule_new);

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit

Reply via email to